The role of open source software in embedded systems

Open source software (OSS) thrives on a culture of shared knowledge, where developers, engineers, and organizations build upon each other's work to drive progress. Real-time operating systems (RTOS) like Zephyr and FreeRTOS illustrate the reach of OSS, expanding into real-time applications. Foundational technologies like the Linux kernel, Kubernetes, and Python are notable cornerstones for both enterprise software and embedded systems.

The first quarter of each year puts a strong spotlight on OSS and embedded systems — from February’s Open Source month, which celebrates community contributions and awareness, to March’s annual Embedded World event, where industry leaders gather to discuss the latest advancements in embedded technology. With a reputation for ensuring security, reliability, and adaptability, OSS in embedded systems fosters a more future-proof ecosystem. 

The strength of OSS lies in the collaborative efforts between companies, contributors, and communities. Strategic partnerships support broader adoption efforts, strengthen resilience, and contribute to the ongoing evolution of open source solutions. Perspectives from Anna-Lena Marx, Embedded Software Developer at inovex, a leader in embedded software development, and Josef Holzmayr, Community Manager for the Yocto Project and Developer Enablement Expert at Northern.tech, highlight how open source software enables transparency, prevents vendor lock-in, and empowers organizations to build more secure and flexible technology solutions.

The value of open source software in embedded systems

Building embedded systems requires designing highly complex solutions tailored to specific use cases, with product lifecycles often exceeding ten years. Security, maintainability, and flexibility are critical for the success of long-term projects. As such, many teams seeking transparency, adaptability, and long-term support preferred OSS and open core technologies. As Marx states, "No single company would be able to build a second Linux kernel and the surrounding ecosystem, such as user-space tools or deeply integrated security mechanisms, from scratch."

Beyond enabling deep customization, OSS provides unmatched transparency. "OSS means open for everybody to look at,” comments Holzmayr. “In many cases, transparency enables the discovery of creative new use cases, a greater understanding of the behavior and mental models involved, and helps others by sharing know-how.”

Particularly valuable for enterprises, the ability to fully understand, modify, and adapt source code is crucial for security, functionality, and long-term maintenance. The community-driven model empowers businesses to have the freedom to transition away from legacy components while benefiting from continuous improvements driven by an active ecosystem of contributors. Holzmayr emphasizes, “Having a community of active contributors in both knowledge and code is something that only OSS can achieve."

Challenges facing open source software solutions

One of the most pressing challenges in the OSS ecosystem is sustainability for maintainers and monetization for commercial entities. As Holzmayr points out, the mindset behind OSS has shifted significantly over the years. Passionate individual contributors historically drove the growth of open source software, but today, commercial entities lead much of its development. Introducing new tension, smaller projects and independent maintainers must navigate a landscape increasingly shaped by business interests. At the same time, companies face the challenge of monetizing their involvement without compromising the collaborative, community-driven nature that defines OSS. 

Many companies are experimenting with different models to support their OSS efforts, some of which blur the lines between open and proprietary. “A somewhat prominent approach is re-licensing to a form of source-available software, without upholding the 'free and open' mindset,” notes Holzmar. “In many cases, those companies face strong backlashes, and forking in the code is sometimes successful, and sometimes a failure.” The core tension is finding a model that stays true to OSS values while still being financially viable — to “merge the requirements of being open, collaborative, and financially sustainable."

The shift toward proprietary platforms also presents a risk. While tools like GitHub and Discord make open source software development more accessible and user-friendly, their control by large corporations raises concerns about long-term stability and accessibility. "Giving up the independence of decentralized mailing lists, forums, and chat solutions may pose a risk to the long-term stability of projects," Marx notes. Moving away from decentralized systems, which once formed the backbone of OSS collaboration, may compromise project resilience over time.

The increasing reliance on proprietary platforms isn't the only challenge shaping the future of open source software. Developers and organizations must confront broader questions surrounding sustainability, governance, and long-term project viability as the ecosystem evolves. While commercial solutions may raise concerns around control and stability, OSS initiatives face challenges, particularly maintaining independence and securing the financial and structural support needed to ensure long-term success. Navigating the future of open source software requires balancing innovation with resilience — across communities, companies, and the infrastructure on which they depend.

The impact of the EU Cyber Resilience Act and new regulations

Regulations like the EU Cyber Resilience Act (CRA) are also reshaping the landscape of open source development. The CRA applies horizontally to commercial products with digital elements (PDEs) and has introduced some of the strictest software security regulations. Its goal is to drive better vulnerability management, improve software development practices, and raise the overall security standard for digital products — ultimately benefiting end users. However, the key challenge will be ensuring compliance without discouraging contributions or placing undue burdens on open source maintainers, who already struggle with sustainability. "A significant risk is that new regulations make it unattractive for developers to contribute due to the associated personal liability, thereby jeopardizing innovation, performance, and even the future of these projects," Marx explains.

With full enforcement, including penalties, set for October 2026, the long-term impact of the CRA is becoming more apparent. While the regulation primarily targets commercial products, it introduces legal uncertainty for smaller OSS projects — especially those with corporate or foundation backing — as they are more likely to be included in commercial offerings and, therefore, fall under the scope of CRA.

Holzmayr also highlights the potential impact on commercial consumers of open source software, “especially those reselling products built on open components,” rather than open-source developers themselves. A central regulation element is improving supply chain transparency. The CRA requires an up-to-date software bill of materials (SBOMs), which details all the components and their origins included in a product. Companies that build commercial products using OSS components will face the most pressure to comply with the CRA; these companies will now need to understand and manage their software supply chain more responsibly.

Looking ahead, the industry is likely to see growing efforts to improve processes, enhance documentation, and increase transparency across popular open source software components and projects.

The influence of AI on open source software

Artificial intelligence (AI) is rapidly reshaping how open source software is developed and maintained. AI-powered tools streamline repetitive tasks, assist with documentation, and generate pull requests. New AI solutions can accelerate development by handling minor code variations and eliminating tedious manual edits. However, the benefits of AI come with trade-offs.

Marx and Holzmayr raise concerns about the quality and reliability of AI-generated contributions. “AI tools are already impacting the work of maintainers by providing pull requests with low-quality code or incorrect security analyses,” Marx states. In this scenario, the AI tool creates more work for maintainers rather than less. Holzmayr emphasizes that while AI is useful for replicating known code patterns, it doesn’t guarantee sustainability or long-term quality. "If there is one thing that AI is good at, it's replicating things it has seen before. Many small code snippets are just minor variations of existing ones; AI can handle these tedious adjustments efficiently.”

The long-term implications of AI in OSS remain uncertain. Holzmayr envisions a divide between handcrafted, maintainable code and AI-generated throwaway code designed for one-off use and quick replacement. As AI becomes more integrated into OSS workflows, the community will need to consider not just productivity gains but also the long-term impact on security, maintainability, and licensing.

The role of collaboration in open source software security 

Open source security and reliability thrive on collaboration, which is the cornerstone of finding common ground. In software terms, collaboration means creating shared, reusable technology that benefits many while also distributing the effort needed to maintain it. Partnerships create shared foundations, allowing contributors to pool resources, reduce maintenance burdens, and improve security. Holzmayr highlights how a collaborative project built with multiple contributors' input is often more robust and well-tested than an isolated in-house solution. Synergistic partnerships enable developers to focus on their unique value propositions without having to reinvent common solutions.

Open source collaboration extends beyond code to knowledge-sharing and direct engagement. "Maintaining close contact with the projects and technologies we utilize is crucial,” states Marx. “A direct line for support, bug reporting, and contributing back patches benefits both sides. Additionally, helping each other grow and become commercially successful ultimately supports the sustainability of these projects."

Open source communities, companies, developers, and contributors all play an active role in strengthening open source security. By working closely with projects and communities, these stakeholders help ensure the continuous improvement of security patches, feature updates, and critical fixes. While technical contributions remain the foundation of open source software progress, financial support through sponsorships, funding initiatives, or corporate involvement can also help improve sustainability and reduce maintenance.

The future of open source software 

As regulations evolve, AI reshapes development, and collaboration methods shift, open source software in embedded systems faces challenges and opportunities. The continued efforts of the OSS community, like the Yocto Project, and the surrounding ecosystem, like development firm inovex, highlight how OSS empowers organizations to build more secure and flexible technology solutions. The collaboration demonstrates how shared problem-solving drives security, reliability, and innovation in embedded systems.

As the open source landscape continues to evolve, one thing remains clear: its strength lies in shared knowledge, strong partnerships, and a collective commitment to building a more secure and adaptable future for the industry.

Download the new regulatory overview for more information on staying compliant with the CRA’s extensive security requirements. 

Read the overview